
Cybersecurity · Credibility 92/100 · 2 min read

United States Releases National Cybersecurity Strategy — March 2, 2023

The White House set out a zero-trust, secure-by-design, and critical infrastructure resilience agenda that shifts more cyber responsibility onto large firms and federal agencies.

Executive briefing: On March 2, 2023, the White House published the United States’ National Cybersecurity Strategy, outlining five pillars that call for minimum security baselines, modernised federal defenses, and greater accountability for critical infrastructure operators and software manufacturers. The strategy emphasises adopting secure-by-design principles, accelerating zero trust, and driving collective defense through stronger partnerships with industry and international allies.

Key actions in the strategy

  • Defend critical infrastructure. Expands sector-specific performance goals, regulatory harmonisation, and public-private incident response coordination to raise baseline safeguards.
  • Disrupt threat actors. Directs intelligence, law enforcement, and private-sector partners to increase joint operations against ransomware groups and state-sponsored campaigns.
  • Shape market forces. Signals forthcoming liability reforms for insecure software and procurement policies that reward secure development practices.

Control alignment guidance

  • NIST CSF 2.0. Use the updated framework and CISA cross-sector performance goals to prioritise zero trust roadmaps aligned with the strategy’s Pillar 2.
  • CMMC 2.0. Defense industrial base suppliers should track contracting language that will embed the strategy’s secure software development requirements.
  • ISO/IEC 27036. Update third-party risk programmes to reflect the strategy’s emphasis on cascading supplier assurance and incident collaboration.

Operational recommendations

  • Brief executives on pending U.S. rulemakings (CIRCIA, TSA directives, SEC disclosures) signalled in the strategy and assign liaisons to monitor each docket.
  • Accelerate zero trust implementation plans—especially identity governance, network segmentation, and continuous diagnostics—using CISA and OMB reference architectures.
  • Engage legal and product teams to evaluate software liability exposure and integrate secure-by-design controls into development lifecycles.